Upgrading the Certdog Database
DO NOT PERFORM THIS STEP ON VERSIONS 1.17 OR LATER
Contact Krestfield Support if you are unsure whether this step needs to be carried out
These instructions relate to versions 1.16 and earlier and result in a newer database being installed
These steps MUST be carried out before upgrading from version 1.16 as all future versions utilise the later database formats
Pre-requisites
You will need the database admin password. This is the password that was entered when the server was first installed.
The database must use a TLS connection. Note that, for free versions before 1.16, TLS was not enabled by default on the database
To enable TLS, stop the Krestfield CertDog Service, then edit [CERTDOG INSTALL]\config\application.properties. At the top of the file, add ?tls=true to the end of the spring.data.mongodb.uri. For example, if you have:
spring.data.mongodb.uri=mongodb://certmanuser:1TPEwGJ2h1CBcoG0suUX@127.0.0.1/certman
Update so it looks like this:
spring.data.mongodb.uri=mongodb://certmanuser:1TPEwGJ2h1CBcoG0suUX@127.0.0.1/certman?tls=true
Next edit [CERTDOG INSTALL]\mongodb\bin\mongod.cfg adding the following to the net section:
tls:
mode: requireTLS
certificateKeyFile: C:\certdog\mongodb\..\config\sslcerts\dbssl.pem
allowConnectionsWithoutCertificates: true
E.g. if you have:
...
net:
bindIp: 127.0.0.1
port: 27017
setParameter:
enableLocalhostAuthBypass: false
...
It would become:
net:
bindIp: 127.0.0.1
port: 27017
tls:
mode: requireTLS
certificateKeyFile: C:\certdog\mongodb\..\config\sslcerts\dbssl.pem
allowConnectionsWithoutCertificates: true
setParameter:
enableLocalhostAuthBypass: false
Ensuring that your path names are correct. E.g. in this example we use c:\certdog as the default installation. Update appropriately
Verify the server still starts and operates after these changes have been made
Backup
Open the services snapin and stop the following services:
- Krestfield Cerdog Service
- Krestfield Cerdog Database

(To open the services snapin - click Start, type services and select the Services App)
Backup the current installation by copying the entire install folder. E.g. if the installation resides at c:\certdog copy (or zip up) the entire folder
Upgrade the database
Open a PowerShell window as administrator
Navigate to [CERT DOG INSTALL]\install e.g. C:\certdog\install and run:
.\upgrade-db.ps1
This script will ask for the database admin password
Note
The script is unaware of what updates have been made to the TLS certificates. It replaces them all with versions it knows will operate correctly.
If you have have made changes to your TLS certificates - server or database, they are copied to: .\certdog\config\sslcerts.bak[TIMESTAMP] e.g. .\certdog\config\sslcerts.bak.20260226-1012 and they must then be manually coped back to the .\sslcerts folder
Troubleshooting
If the script does not complete and you see an error such as
Database dump failed. Exiting.
Verify that the admin password for the database is correct
Verify that you meet the pre-requisites mentioned at the top of this page
The script outputs the following files (located in the .\certdog\install folder:
-
upgradedblog.txt
-
upgradedblog.out
Any errors during the process will be available in these files
If the script completes OK but the system is unavailable, check if the following services are running:
-
Krestfield Certdog Service
-
Krestfield CertDog Database
If these are not running. First attempt to start the Krestfield Certdog Database service. If this still won’t start perform the following:
Navigate to .\certdog\mongodb\bin and open mongod.cfg
...
net:
bindIp: 127.0.0.1
port: 27017
tls:
mode: requireTLS
certificateKeyFile: C:\certdog\mongodb\..\config\sslcerts\dbssl.pem
CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
allowConnectionsWithoutCertificates: true
setParameter:
enableLocalhostAuthBypass: false
replication:
replSetName: replocal
security:
authorization: "enabled"
clusterAuthMode: x509
clusterAuthMode: x509
If you see any duplicate lines, remove the duplicates. For example, in this example, there are duplicates for CAFile:
CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
and clusterAuthMode:
clusterAuthMode: x509
clusterAuthMode: x509
So remove the duplicate items so there is only one CAFile:
CAFile: C:\certdog\mongodb\..\config\sslcerts\dbssl_root.pem
and one clusterAuthMode:
clusterAuthMode: x509
Do this for any other duplicates found.
Save the mongod.cfg file and attempt to restart the services in this order:
-
Krestfield Certdog Service
-
Krestfield CertDog Database
If the upgrade does fail and cannot be recovered, rollback the installation by stopping the services and re-instating the backed up files (as carried out in the Backup section above). Once restored, re-start the services